The frequency of Advanced Persistent Threats (APTs) has surged, with Kaspersky's latest report revealing a 74% increase in such attacks compared to last year. APTs were detected in 25% of organizations, accounting for 43% of high-severity security incidents, highlighting a sharp rise in sophisticated cyber threats. Kaspersky's analysis suggests attackers are refining their tactics to bypass security measures, leveraging human-operated techniques rather than automated exploits. The report underscores the growing persistence of APT actors, emphasizing the need for proactive defense strategies across industries.
An as-yet-unidentified group, known only as GoldenJackal with suspected links to the Russian state, is targeting high-security networks that are intentionally isolated from the internet. Confidential data is frequently stored in “air-gapped” computers that do not have an online connection and were, until now, virtually impossible to hack. But cybersecurity firm ESET now reports that GoldenJackal was deploying “a highly modular toolset” against a government organization in a European Union (EU) country between May 2022 and March 2024. This follows similar ongoing attacks on air-gapped systems in Belarus that began in August 2019.
“Critical flaws” have been identified in modems deployed in millions of devices worldwide. Cybersecurity firm Kaspersky has issued a report warning companies of severe security vulnerabilities in Cinterion cellular modems. According to Kaspersky, Cinterion modems are cornerstone components in machine-to-machine (M2M) and Internet of Things (IoT) communications and now offer a back door for all kinds of threat actors. They support various applications, ranging from industrial automation and vehicle telematics to smart metering and healthcare monitoring. Gemalto, the initial developer of the modems, was subsequently acquired by Thales. In 2023, Telit acquired Thales’ cellular IoT products business, including the Cinterion modems.
Cybercriminals are using ‘malvertising’, weaponized bogus ads pushed to the top of Google search results, to distribute a previously unseen backdoor. The attacks are particularly dangerous to corporations of all sizes, as they are aimed squarely at in-house IT professionals, who invariably hold the keys to the organization’s digital kingdom. The unknown threat actor’s selection of spoofed software indicates that the targets primarily consist of IT professionals, particularly those in IT security and network administration roles, according to research from Zscaler ThreatLabz. “Beginning in March of 2024, Zscaler ThreatLabz observed a threat actor weaponizing a cluster of domains masquerading as legitimate IP scanner software sites to distribute a previously unseen backdoor. The threat actor registered multiple look-alike domains…and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords,” says Zscaler ThreatLabz.
Kaspersky reported on their discovery of the cyber campaign labeled "DuneQuixote," which targets Middle Eastern government agencies through a sophisticated backdoor to spread malware. The backdoor, "CR4T," is a C/C++-based memory-only implant that enables threat actors to access consoles for command-line execution. This can lead to uploading and downloading illicit files onto affected systems.
According to Salt Labs research, security flaws in third-party OpenAI ChatGPT plugins could allow attackers to install malicious plugins and hijack third-party website accounts. The OAuth workflow used by ChatGPT's LLM plugins and the PluginLab framework both feature weaponizable vulnerabilities.
In an analysis published by Trellix security researcher Gurumoorthi Ramanathan, the "NS-STEALER" malware, distributed via a hidden ZIP file, was found to send captured data to the Discord bot channel "EventListener", where it is automatically displayed. Once deployed on a user's system, NS-STEALER automatically collects screenshots, cookies, credentials, autofill data, and system information from web browsers.
On Wednesday, January 17th, JPMorgan Chase's asset and wealth management division head, Mary Callahan Erdoes, said during the World Economic Forum in Davos that the firm faces a staggering 45 billion breach attempts daily. Erdoes explained on a panel session that they have more security engineers than Google and Amazon, out of necessity, as threat actors increasingly get "smarter, savvier, quicker, more devious and mischievous."
According to Sophos' latest report, 62% of the most active ransomware groups in the world deliberately enable remote encryption for their attacks. Sophos' report, entitled "CryptoGuard: An Asymmetric Approach to the Ransomware Battle," is based on the ransomware attacks Sophos detected and halted in 2023. The report further stated that remote encryption is used as a tactic for effective, widespread ransomware attacks within organizations, aiming to steal as much sensitive information as possible.
The Municipal Water Authority of Aliquippa reported a cyberattack that shut down its water pressure technology to the U.S. Department of Homeland Security this past weekend. According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled "Cyber Av3ngers". This nation-state cyberattack is not the first to disrupt critical water infrastructure.
A staggering 14 percent of cyber incidents are due to senior IT security staff errors, compounded by a further 15% of errors caused by other IT staff. According to a new study published by cybersecurity firm Kaspersky, over the last two years, 77 percent of companies experienced between one and six cybersecurity breaches, with IT security staff being directly culpable for almost a third of all cybersecurity breaches.
SlashNext's "State of Phishing Report for 2023" reported a 1265% increase in malicious phishing emails since Q4 2022, correlating with ChatGPT's launch. It was also reported that 31,000 phishing emails were sent on a daily basis in the past year, 68% of them being text-based Business Email Compromise (BEC).